Google’s Threat Intelligence Group (GTIG) has issued a warning to Salesforce customers about a widespread data theft campaign led by the actor UNC6395.
Unlike the ongoing Salesforce vishing campaigns, this new attack exploits compromised OAuth tokens from the Salesloft Drift application to likely harvest credentials (AWS access keys, passwords, and Snowflake tokens, etc.) that can be used to compromise victim environments.
We’re hearing from customers across industries asking:
“Have we been impacted?”
"How do I prevent and monitor for this type of attack across all SFDC apps?"
Join Jack and Brian this friday as we dive into these questions, and more.
How to monitor and prevent this type of attack across all SFDC applications (with or without Arovy)
Background on UNC6395 and what makes this campaign different
Live Q&A to address your specific concerns
Date: Friday, August 29
Time: 11am EST / 8am PST
Duration: 30 minutes
Live Q+A